Configuring SSL on Weblogic Server – Custom Identity and Custom Trust

I have been getting a lot of requests for creating a very simple document for configuring SSL on Weblogic Server.

It's a pretty straightforward configuration, but most people are not aware of it. WLS is configured by default with DemoIdentity and DemoTrust; we just need to enable the SSL port under the General tab of the server, and WLS will start listening over SSL on that port. However, using the demo certificates is not recommended in a production environment, so we can either get our certificates signed by a third-party certificate authority or use our own root CA to sign our own certificates. To keep things simple, I have developed a simple build script to generate SELF-SIGNED CERTIFICATES. You just need to set the environment by running setWLSEnv.cmd, present under WL_HOME\server\bin. Run the build script and the keystores will be generated in that directory. I have used keytool to generate the keystores; you can get more details here

Follow the steps below to configure WLS with your custom certificates. Later you can modify the values in build.xml to suit your requirements, which makes it very easy to generate the keys just by modifying the attribute values.
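The keytool sequence behind a custom identity and custom trust pair, written as a shell script; this is an added example, not the build script from this post. The file names identity.jks and trust.jks, the alias server_cert, the DN values, the JKS store type and the IDENTITY_PASS / TRUST_PASS environment variables are all assumptions.

```shell
#!/bin/sh
# Added example: self-signed custom identity + custom trust keystores.
# Assumed names (not from the post): identity.jks, trust.jks, server.pem,
# alias server_cert, the DN values, env vars IDENTITY_PASS / TRUST_PASS.

# Build the certificate subject. CN should be the host name that clients
# use to reach the server, since host name checks compare against it.
make_dname() {
    printf 'CN=%s, OU=%s, O=%s, C=%s' "$1" "$2" "$3" "$4"
}

# make_keystores <dir> <hostname>
# Runs in a subshell so the umask change stays local. keytool reads the
# passwords from the environment (-storepass:env), which keeps them out
# of the process list and shell history.
make_keystores() (
    dir=$1 host=$2 alias=server_cert
    : "${IDENTITY_PASS:?set IDENTITY_PASS}" "${TRUST_PASS:?set TRUST_PASS}"
    export IDENTITY_PASS TRUST_PASS
    umask 077                       # keystores readable by the owner only
    mkdir -p "$dir" || exit 1

    # 1. Identity keystore: private key plus its self-signed certificate.
    keytool -genkeypair -alias "$alias" -keyalg RSA -keysize 2048 \
        -validity 365 -dname "$(make_dname "$host" IT Example US)" \
        -storetype JKS -keystore "$dir/identity.jks" \
        -storepass:env IDENTITY_PASS -keypass:env IDENTITY_PASS || exit 1

    # 2. Export only the public certificate (PEM); the key never leaves.
    keytool -exportcert -rfc -alias "$alias" -file "$dir/server.pem" \
        -keystore "$dir/identity.jks" \
        -storepass:env IDENTITY_PASS || exit 1

    # 3. Trust keystore: import that certificate as a trusted entry.
    keytool -importcert -noprompt -alias "$alias" -file "$dir/server.pem" \
        -storetype JKS -keystore "$dir/trust.jks" \
        -storepass:env TRUST_PASS || exit 1
)

# Usage: IDENTITY_PASS=... TRUST_PASS=... sh make_keystores.sh <dir> <hostname>
if [ "$#" -eq 2 ]; then
    make_keystores "$1" "$2"
fi
```

Only identity.jks holds the private key; trust.jks and server.pem contain the public certificate and can be handed to clients that need to trust the server.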

I am a bit confused over this after reading the WebLogic documentation (http://download.oracle.com/docs/cd/E12840_01/wls/docs103/secmanage/ssl.html). What are the exact steps for generating the certificate?
1. Create the identity. This includes the private key and self-signed certificate. The first command used by you will generate this.
2. What is the use of the 2nd command (selfcert) and then export?
3. Why are we not generating the CSR?
4. In the last command, what are we trying to import?

My friend, you are GREAT.
I was in big trouble with this until I found this.
I have installed WebLogic on Linux and I preferred to convert your XML to a Unix script, with which I’m more familiar.
Thanks again

Hi Faisal,
We are using two load balancers in my project. Only one will serve the traffic at a time; the other will be down or disabled.
In order to use any one load balancer for WebLogic, I need to modify the alias name and the nodemanager.properties file each time. For example, if the two load balancers are abc.int.com and def.int.com, I need to change the alias name and the nodemanager.properties file every time to divert the traffic. Please advise: is there any way to use the two load balancers without changing the alias name and the nodemanager.properties file every time? Thanks in advance.